CVE-2024-37305

Buffer overflow in deserialization in oqs-provider

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.

oqs-provider es un proveedor de la librería de criptografía OpenSSL 3 que agrega soporte para criptografía poscuántica en TLS, X.509 y S/MIME utilizando algoritmos poscuánticos de liboqs. Se han identificado fallas en la forma en que oqs-provider maneja las longitudes decodificadas con DECODE_UINT32 al inicio de firmas y claves híbridas serializadas (tradicionales + poscuánticas). Los valores de longitud no verificados se utilizan posteriormente para lecturas y escrituras de memoria; La entrada mal formada puede provocar fallas o fugas de información. El manejo de la operación de clave PQ simple/no híbrida no se ve afectado. Este problema se solucionó en la versión 0.6.1. Se recomienda a todos los usuarios que actualicen. No existen workarounds para este problema.

*Credits: N/A

CVSS Scores

GitHubv3.1 8.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-05 CVE Reserved
2024-06-17 CVE Published
2024-06-18 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-190: Integer Overflow or Wraparound
CWE-680: Integer Overflow to Buffer Overflow
CWE-805: Buffer Access with Incorrect Length Value

CAPEC

References (2)

URL	Tag	Source
https://github.com/open-quantum-safe/oqs-provider/pull/416	X_refsource_misc
https://github.com/open-quantum-safe/oqs-provider/security/advisories/GHSA-pqvr-5cr8-v6fx	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Open-quantum-safe Search vendor "Open-quantum-safe"		Oqs-provider Search vendor "Open-quantum-safe" for product "Oqs-provider"				< 0.6.1 Search vendor "Open-quantum-safe" for product "Oqs-provider" and version " < 0.6.1"		en		Affected